Global Economics

BusinessWeek

Russian hackers have stolen €800,000 from Sweden's largest bank Nordea after a sophisticated phishing attack tricked some of its internet customers into downloading a Trojan horse that recorded their account login details.

The first attack took place in August 2006 and was detected a month later. Around 250 of Nordea's customers have been hit by the attack to date.

Hackers targeted the bank's customers with emails purporting to be from Nordea that told them to download an anti-spam tool. But those who downloaded the attachment were infected by the Trojan 'haxdoor.ki'.

The malicious software activates itself when the customer tries to log on to Nordea's internet banking service and displays an error message asking the customer to re-enter their login information, which is then recorded and sent to servers belonging to the hackers.

Swedish police have traced the attacks to Russia, via servers in the US, and have arrested more than 100 middlemen in Sweden already, the bank said.

A Nordea spokesman confirmed the attacks are ongoing but told silicon.com they have "quietened down" after the initial influx last autumn.

He said: "This is ongoing. We have compensated all the customers in full. We are constantly looking at the security of our online banking and many different measures are taken. We are updating our systems behind the scenes."

He added that these are broad-based attacks and that phishing is a global phenomenon.